tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kotsiras, Alexandros" <>
Subject RE: Can i use JDBC realm to protect .ram files ? ?
Date Fri, 13 Oct 2000 15:12:02 GMT
Thanks for the reply , 
the problem though is that by default all the non-jsp files / servets are
served by Apache not Tomcat.
So even if i declare 

as protected in my web.xml,  Tomcat will not pop-up the login box for

but only for  http://host:8080/context/media/metafile.ram    (Port 8080) 

In general i found out that if i want to use Tomcat's Realms for HTML files
or non JSPs/servlets i will 
have to use it's own built-in Web Server which is not very good solution.

Or perhaps i can tell Apache not to serve files in /media/  (.html , .ram
etc) at all by itself
but instead leave Tomcat do that ? ?

In any case i decided to implement custom solution with AuthControllerServet
/ Session Tracking 
that will check Users session/permissions and forward to the appropriate
.ram file. 

A request for  a .ram file is supposed to spawn RealPlayer on the browser. 
I was having trouble getting this behavior after forwarding from
AuthControllerServet servlet to .ram files.
Instead the browser was displaying the text content of the .ram file instead
of spawning RealPalyer

The problem was resolved after only after i added the appropriate MIME types
in the 
web.xml file of the application as follows : 




-----Original Message-----
From: Craig R. McClanahan []
Sent: Friday, October 13, 2000 12:36 AM
Subject: Re: Can i use JDBC realm to protect .ram files ? ?


> Hi want to protect Real Player meta files with Tomcat's JDBC Realm.Is
> it possible  ? ?By default it only protects .jsp and servlets.I want
> Tomcat to pop-up the login box when the user sends a request to
> http://host/context/media/metafile.ram I know it can be done via the
> Apache password protection mechanism but  i am only interested in
> Database authentication because i want to let the user register via
> HTML form and select a username/passowrd by himself.Tomcat's
> implementation with Users/Roles tables fits very nice but it only
> protects JSP and servets.Any ideas ? ?Thanks,Alex

Tomcat enforces the rules you define in your <security-constraint>
elements.  In particular, you can define a <url-pattern> to which a
particular constraint applies.  You've got a couple of choices -- define
a pattern "/media/*" to protect all files in the /media subdirectory (no
matter what type they are), or define a pattern "*.ram" to protect all
RealAudio files (no matter what directory they are in).

Craig McClanahan

See you at ApacheCon Europe <>!
Session VS01 (23-Oct 13h00-17h00):  Sun Technical Briefing
Session T06  (24-Oct 14h00-15h00):  Migrating Apache JServ
                                    Applications to Tomcat

View raw message